diff options
| author | Sam Hartman <hartmans@mit.edu> | 2010-01-07 18:32:20 +0000 |
|---|---|---|
| committer | Sam Hartman <hartmans@mit.edu> | 2010-01-07 18:32:20 +0000 |
| commit | 15e99b5df51cb097a390a1f0a9c12b8e783456a0 (patch) | |
| tree | 8706e43006e356da270cc2442cf1a5fac9971b8b /src/tests/dejagnu/config | |
| parent | 7f6947ecb4c919e7970337e7bfccae053e19b0b4 (diff) | |
| download | krb5-15e99b5df51cb097a390a1f0a9c12b8e783456a0.tar.gz krb5-15e99b5df51cb097a390a1f0a9c12b8e783456a0.tar.xz krb5-15e99b5df51cb097a390a1f0a9c12b8e783456a0.zip | |
automated tests for anonymous pkinit
Implement tests for anonymous pkinit. A certificate and private key
are checked in; these tests will stop working in 2023.
Note that r23602 needs to be pulled up before this ticket.
ticket: 6624
target_version: 1.8
tags: pullup
git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@23604 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/tests/dejagnu/config')
| -rw-r--r-- | src/tests/dejagnu/config/default.exp | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/src/tests/dejagnu/config/default.exp b/src/tests/dejagnu/config/default.exp index e05850211..7e18f7a72 100644 --- a/src/tests/dejagnu/config/default.exp +++ b/src/tests/dejagnu/config/default.exp @@ -960,7 +960,9 @@ proc setup_krb5_conf { {type client} } { global portbase global KRB5_DB_MODULE_DIR global KRB5_PA_MODULE_DIR + global srcdir + set pkinit_certs [findfile "[pwd]/$srcdir/pkinit-certs" "[pwd]/$srcdir/pkinit-certs" "$srcdir/pkinit-certs"] # Create a krb5.conf file. if { ![file exists $tmppwd/krb5.$type.conf] \ || $last_passname_conf != $multipass_name } { @@ -973,6 +975,7 @@ proc setup_krb5_conf { {type client} } { } else { puts $conffile " allow_weak_crypto = true" } + puts $conffile " pkinit_anchors = FILE:$pkinit_certs/ca.pem" if [info exists default_tgs_enctypes($type)] { puts $conffile \ " default_tgs_enctypes = $default_tgs_enctypes($type)" @@ -1000,6 +1003,8 @@ proc setup_krb5_conf { {type client} } { # failures. If we were running the client and KDC on different # hosts, this would be okay.... #puts $conffile " kdc = $hostname:[expr 6 + $portbase]" + puts $conffile " pkinit_identity = FILE:$pkinit_certs/kdc.pem,$pkinit_certs/privkey.pem" + puts $conffile " pkinit_anchors = FILE:$pkinit_certs/ca.pem" puts $conffile " kdc = $hostname:[expr 1 + $portbase]" puts $conffile " admin_server = $hostname:[expr 4 + $portbase]" puts $conffile " kpasswd_server = $hostname:[expr 5 + $portbase]" @@ -2257,6 +2262,23 @@ proc kinit_fast { name pass standalone } { return 1 } +proc kinit_anonymous { name } { + global REALMNAME + global KINIT + global spawn_id + + # Use kinit to get a ticket. + # + spawn $KINIT -5 -f -n $name@$REALMNAME + expect eof + if ![check_exit_status kinit] { + fail "kinit anonymous" + } + + pass "kinit anonymous" + return 1 +} + proc kinit_kt { name keytab standalone testname } { global REALMNAME global KINIT |